2014 Latest CompTIA CAS-001 Exam Dump Free Download!

QUESTION 1 At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company’s statistical anomaly-based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator reset the database administrator’s password. At 11:00 a.m. the security administrator was still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?

A. The IDS logs are compromised.
B. The new password was compromised.
C. An input validation error has occurred.
D. A race condition has occurred.

Answer: D
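The detail that decides this scenario is timing: the attacker holds a token issued at 10:35, and the reset at 10:55 changes the password but not the token already in the attacker's hands, so requests keep succeeding at 11:00. The Go program below is an added example, not part of the original dump, and is a constructed in-memory stand-in for the application's login path (the user name, password and token format are assumptions). It replays the timeline twice: once with a service that only checks the token table, and once with a service that also records a credential generation number at issue time and rejects tokens issued before the last reset.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// account is a toy user record. The password is kept in the clear only to
// keep the example short; a real system stores a salted hash.
type account struct {
	password string
	credGen  uint64 // advanced on every password reset
}

// token records which credential generation was current when it was issued.
type token struct {
	user    string
	credGen uint64
}

// authService is a constructed, in-memory stand-in for the login and
// authorization path of the application in the question.
type authService struct {
	accounts map[string]*account
	tokens   map[string]token
	// checkGen selects the hardened behaviour: a token is accepted only if
	// its credGen still matches the account's current credGen.
	checkGen bool
}

func newAuthService(checkGen bool) *authService {
	return &authService{accounts: map[string]*account{}, tokens: map[string]token{}, checkGen: checkGen}
}

func (s *authService) addUser(name, password string) {
	s.accounts[name] = &account{password: password}
}

// login issues a random bearer token on a correct password.
func (s *authService) login(name, password string) (string, error) {
	acct, ok := s.accounts[name]
	if !ok || acct.password != password {
		return "", errors.New("bad credentials")
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	id := hex.EncodeToString(buf)
	s.tokens[id] = token{user: name, credGen: acct.credGen}
	return id, nil
}

// resetPassword is what the administrator did at 10:55: it changes the
// password and advances the credential generation, but it does not touch
// the token table at all.
func (s *authService) resetPassword(name, newPassword string) {
	acct := s.accounts[name]
	acct.password = newPassword
	acct.credGen++
}

// authorize maps a bearer token back to a user, or rejects it.
func (s *authService) authorize(id string) (string, error) {
	t, ok := s.tokens[id]
	if !ok {
		return "", errors.New("unknown token")
	}
	if s.checkGen && t.credGen != s.accounts[t.user].credGen {
		delete(s.tokens, id) // issued before the last reset: revoke it
		return "", errors.New("token issued before credential reset")
	}
	return t.user, nil
}

// scenario replays the timeline and reports whether the stolen token still
// authorizes before and after the password reset.
func scenario(checkGen bool) (beforeReset, afterReset bool) {
	s := newAuthService(checkGen)
	s.addUser("dba", "hunter2") // constructed account
	stolen, err := s.login("dba", "hunter2") // 10:35: attacker holds a valid token
	if err != nil {
		panic(err)
	}
	_, err = s.authorize(stolen) // 10:45: unusual transactions succeed
	beforeReset = err == nil
	s.resetPassword("dba", "new-and-different") // 10:55: administrator resets the password
	_, err = s.authorize(stolen) // 11:00: does the old token still work?
	afterReset = err == nil
	return beforeReset, afterReset
}

func main() {
	for _, hardened := range []bool{false, true} {
		before, after := scenario(hardened)
		fmt.Printf("checkGen=%v: stolen token accepted before reset=%v, after reset=%v\n", hardened, before, after)
	}
}
```

With checkGen=false the stolen token is accepted both before and after the reset, which is the situation the alerts describe; with checkGen=true it is rejected at 11:00. Deleting every session for the user at reset time achieves the same effect for server-side sessions; the generation counter is the usual way to get it for tokens that are validated without a lookup, such as signed JWTs, where the counter is placed in the token and compared on each request.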

QUESTION 2 Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B’s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?

A. Purchase the product and test it in a lab environment before installing it on any live system.
B. Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it.
C. Purchase the product and test it on a few systems before installing it throughout the entire company.
D. Use Company A’s change management process during the evaluation of the new product.

Answer: D

QUESTION 3 The marketing department at Company A regularly sends out emails signed by the company’s Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?
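The property the CIO needs here is attribution through digital signatures: with one certificate per user and a private key only the CEO can use, a mail verifies under the CEO's public key only if the CEO signed it, whatever name appears in the From header. The Go program below is an added example, not part of the original dump; it uses Ed25519 keys in place of the corporate PKI's certificates and a map as the directory of users' public keys (names and addresses are constructed). The signature covers the From header together with the body, so a signed announcement that carries the CEO's name but was signed by marketing is attributed to marketing, and a message whose body was altered after signing is attributed to nobody.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// directory stands in for the corporate PKI: one public key per user.
type directory map[string]ed25519.PublicKey

// message is a mail with a claimed From header (untrusted) and a signature
// over the From header and the body together.
type message struct {
	From string
	Body string
	Sig  []byte
}

// signedBytes is the exact byte string that is signed and verified. Binding
// the From header into it stops a signer from disowning the name they used.
func signedBytes(from, body string) []byte {
	return []byte("From: " + from + "\r\n\r\n" + body)
}

func sign(priv ed25519.PrivateKey, from, body string) message {
	return message{From: from, Body: body, Sig: ed25519.Sign(priv, signedBytes(from, body))}
}

// attribute returns the directory entry whose key verifies the signature,
// or "" if no key does. The From header plays no part in the decision.
func attribute(dir directory, m message) string {
	data := signedBytes(m.From, m.Body)
	for name, pub := range dir {
		if ed25519.Verify(pub, data, m.Sig) {
			return name
		}
	}
	return ""
}

func keypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// demo builds the situation in the question: the CEO signs one mail, the
// marketing department signs an announcement that carries the CEO's address
// in the From header, and a third copy of that announcement has its body
// altered after signing.
func demo() (ceoMail, marketingMail, alteredMail string) {
	ceoPub, ceoPriv := keypair()
	mktPub, mktPriv := keypair()
	dir := directory{"ceo": ceoPub, "marketing": mktPub}

	fromCEO := sign(ceoPriv, "ceo@company-a.example", "Board minutes attached.")
	announcement := sign(mktPriv, "ceo@company-a.example", "We are pleased to announce our new office.")
	altered := announcement
	altered.Body = "Please wire the funds today." // changed after signing

	return attribute(dir, fromCEO), attribute(dir, announcement), attribute(dir, altered)
}

func main() {
	ceo, mkt, bad := demo()
	fmt.Printf("CEO's own mail signed by: %q\n", ceo)
	fmt.Printf("marketing announcement in CEO's name signed by: %q\n", mkt)
	fmt.Printf("altered copy signed by: %q\n", bad)
}
```

In a real deployment the signer's certificate travels with the message (S/MIME), and the verifier checks the certificate chain to the corporate CA before trusting the name in it; the logic is the same as the loop above, with the chain check standing in for the directory lookup. The point for the legal proceeding is that the From header is never the evidence; the signature that verifies under one user's certificate is.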

QUESTION 4 A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?

QUESTION 5 A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future?

QUESTION 6 Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?

A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.
B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.
C. Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.
D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.

Answer: C

QUESTION 7 A company currently does not use any type of authentication or authorization service for remote access. The new security policy states that all remote access must be locked down to only authorized personnel. The policy also dictates that only authorized external networks will be allowed to access certain internal resources. Which of the following would MOST likely need to be implemented and configured on the company’s perimeter network to comply with the new security policy? (Select TWO).

QUESTION 10 Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain buffer overflow attacks. The security administrator is required to ensure all systems have the latest updates while minimizing any downtime. Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and operational?

A. Distributed patch management system where all systems in production are patched as updates are released.
B. Central patch management system where all systems in production are patched by automatic updates as they are released.
C. Central patch management system where all updates are tested in a lab environment after being installed on a live production system.
D. Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system.

Answer: D

QUESTION 11 Which of the following statements are true about network-attached storage (NAS)? Each correct answer represents a complete solution. Choose all that apply.

QUESTION 15 Which of the following are the purposes of the Cost-benefit analysis process? Each correct answer represents a complete solution. Choose two.

A. To describe the future value on the investment of the project
B. To see how it compares with alternate projects
C. To determine if an investment is sound
D. To support benefit management, measurement, and reporting